The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of the op (1Password CLI) and tmux binaries to manage secrets. This is the primary intended purpose of the skill and is handled using best practices such as redirecting sensitive output to /dev/null.
[DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses potentially sensitive data sources including the user's system clipboard (via pbpaste) and local environment configuration (~/.profile). These accesses are documented as necessary steps for retrieving secrets and service tokens without exposing them in command history or logs.
[INDIRECT_PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection as it ingests untrusted data from the 1Password vault and system clipboard into the agent's context using tmux capture-pane.
Ingestion points: Data is read into the context via pbpaste and op item get results captured by tmux capture-pane in SKILL.md.
Boundary markers: The skill includes instructions to the agent to never paste secrets into logs or chat, serving as a procedural boundary.
Capability inventory: The skill has the capability to execute shell commands, read local files (~/.profile), and perform 1Password vault operations.
Sanitization: The skill uses sed to redact potential Slack tokens in debug output but relies on the agent's internal safety filters for other content.
[DYNAMIC_EXECUTION]: The skill dynamically generates and executes shell commands inside tmux sessions using send-keys. This behavior is used to maintain stateful, interactive sessions for authentication (e.g., biometric prompts) which is standard for this tool's use case.

one-password